This repository is intended to be a public-safe template. It must not contain real credentials, production hostnames, private IP inventories, private registry URLs, webhook URLs, private keys or organization-specific secrets.
- Use Ansible Vault, environment variables or an external secret manager.
- Keep Vault password files outside the repository.
- Rotate any credential that was ever committed before publishing a derived project.
Open a GitHub issue for template hardening suggestions. Do not include sensitive data in public issues.